geoSDI Collect - privacy policy

09:02
Unknown
0
Comments

During data submission, some identifying information is transmitted and stored on the server:geoSDI Collect passes the deviceID of the device to the server during the submission process. (the HEAD request that initiates the submission is a URL of the form: .../submission?deviceID=imei%3A9117DD011813771 ). The geoSDI Aggregate server does not store this deviceID in any database tables, but it will generally be emitted into the webserver access log. This deviceID uniquely identifies the device from which the data is submitted. This can be useful when correlating events on the server with interactions from specific devices. Because this is logged, it is likely that a submission can be correlated with a device, and therefore a data collector.If geoSDI ODKAggregate is configured to require authentication (username / password or Google account) for submission (i.e., the Data Collector permission is NOT granted to the anonymousUser), then the username (or Google account) that authenticated is written into the audit fields of the data tables storing the submission. If the anonymousUser is granted Data Collector privileges, no authentication is performed, and "anonymousUser" is written into those fields.

The content of these audit fields is not exposed in exported CSV files, or published to downstream systems. However, because it is present in the database tables, you can definitely correlate this authenticated username or Google account with the submitted data.